Part of my company does computer forensics. As part of that our forensics team might testify in court that "Rob created a flat file export of the Customer Database on Dec 15, 03. He accessed this fla
Author: Robert Brockway <robert@xxxxxxxxxxxxxxxxx>
Date: Mon, 2 Feb 2004 16:30:11 -0500 (EST)
I do know of one such use of atime by a friend of mine while tracking an errant user. The problem (as I see it) is that a knowledgable user who owns the file or has root access (all too common on man
Given the possibilities to fake that info it is[0] (for usage in court or similar) probably better to actually have no atime. But if you (or someone) wants to use it in court (or similar) it should n
I don't do the forensic work myself but I know our examiners try to use the access time (and create/modify). FYI: About 10 years ago I was working at a company were a manager inadvertently corrupted